AnyConnect SBL Certificate Problems

nxsvc-cisco
Level 1

Hi,

A customer uses the AnyConnect VPN client with certificate authentication.

The certificates are user certificates and everything works fine.

The customer now wants to use SBL and of course this doesn't work with normal client certificates.

So the clients also have a device certificate, but I am unable to authenticate with the certificate (I've tried authenticating via SBL and also after I was logged in and started the connection manually). But the certificate has the same EKUs as the user certificate and so on. In the Event Viewer I can see an error message that the system can't find the login information in the certificate.

From this point of view it looks like a problem with the certificate.

But if I copy a working user certificate into the device certificate folder, it's possible to authenticate if I start the connection manually. If I try to authenticate with that certificate via SBL after a restart, it doesn't work. After a login and a manual connection start it works again. The error message during the SBL login means that it can't find a certificate to authenticate.

Very strange.

I hope that one of you has an idea. I think that it could be a rights problem from the AnyConnect client to the certificate store...

BR

P.S. Or if anyone knows a good step-by-step guide for this topic I will be happy....

3 Replies

Hi,

Did you configure the AnyConnect profile to check All certificate stores? Here is an example of SBL configuration.

 

What is the exact error message?

Hi,

and thanks for your answer.

I've tried both (all and machine only) but there is no difference.

If I try to manually connect with AnyConnect SBL (the button in the lower right corner of the login screen) I get the error message "unable to connect to this gateway please choose another one". During the connection process I can see the error message "no valid certificate found". This is the same error message that I can see in the event log.

Many thanks...

Hi,

we've found the reason.
There was a problem with the admin rights of the AnyConnect client.

After we renewed the "run as administrator" option for the AnyConnect client
and disabled UAC, everything works fine.....

BR M
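
For the certificate-store and EKU questions raised in this thread, the following is an added example, not code from any of the posters or from Cisco: a PowerShell audit of the Windows machine store that reports, per certificate, the properties a start-before-logon client has to rely on (validity period, private key present, Client Authentication EKU, identity fields). It assumes the device certificate is installed in `Cert:\LocalMachine\My` and that the script is run from an elevated prompt.

```powershell
# Added example: audit certificates in the Local Machine "My" store.
# Assumption: the device certificate lives in Cert:\LocalMachine\My.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication)
$sanOid        = '2.5.29.17'           # subjectAltName extension
$now           = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Locate the EKU extension. A certificate without an EKU extension
    # is not restricted to any purpose, so it is reported as usable.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }
    }

    # Subject Alternative Name, if present (often carries the login identity).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        InValidity     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        HasPrivateKey  = $cert.HasPrivateKey
        ClientAuthEku  = (-not $ekuExt) -or ($ekuOids -contains $clientAuthOid)
        SubjectAltName = if ($sanExt) { $sanExt.Format($false) } else { '' }
    }
} | Format-List
```

Comparing this output for the device certificate against the same listing from `Cert:\CurrentUser\My` for the working user certificate shows whether the two really match in EKU and identity fields, or whether the difference lies in store access rather than in the certificate.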